<%
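'--------------------------------------------------------------------------------------------
'Direct-access guard: this file is meant to be loaded only through OpenAsp and
'never requested on its own by a browser.
'SCRIPT_NAME is the virtual path of the script that was requested, without the
'query string. HTTP_URL carries the raw URL including the query string, so a
'request with any parameter appended was not recognised by the comparison below.
i = split(request.ServerVariables("SCRIPT_NAME"), "/")
'The last element of the array is the requested page name; strComp mode 1 makes
'the comparison case-insensitive.
if strComp("editnews.asp", i(Ubound(i)), 1) = 0 then
  'Redirect to a fixed page instead of the client-supplied Referer header, which
  'can be empty or can name another site.
  'NOTE(review): default.asp is the public entry page used elsewhere in this file;
  'confirm the relative path is right for the folder this module is stored in.
  response.redirect "default.asp"
end if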

'LOAD THE MAIN CONFIGURATION VALUES FOR THE NEWS MODULE
'addConn is not defined in this file; it must already exist when this code runs.

'run the configuration query
strSQL = "SELECT * FROM TB_NEWS_CONFIG"
Set tbNews = addConn.Execute(strSQL)

'copy the columns of the first row into page-level variables
'NOTE(review): there is no EOF check, so an empty TB_NEWS_CONFIG raises a runtime error here.
NEWS_HOME = tbNews("NEWS_HOME")
NEWS_DESC_MAX = tbNews("NEWS_DESC_MAX")
NEWS_COMM_MAX = tbNews("NEWS_COMM_MAX")
NEWS_TOT_PAGE = tbNews("NEWS_TOT_PAGE")

'drop the reference to the recordset
Set tbNews = Nothing
%>
<br /><br />
	 <%

'Reports whether TB_NEWS_MOD holds a row pairing the given user id with the given
'category id. Returns false without querying when either argument is empty or
'does not pass isNumeric.
'NOTE(review): both values are concatenated into the SQL text and isNumeric is the
'only gate; it accepts more than plain digits, so confirm callers pass ids only.
function isNewsMod(user, cat)
	Dim lookupSQL
	'Default answer; only a matching row changes it.
	isNewsMod = false
	if user <> "" and cat <> "" then
		if isNumeric(user) and isNumeric(cat) then
			lookupSQL = "SELECT * FROM TB_NEWS_MOD WHERE IDutente = " & user & " AND IDcateg = " & cat
			set testRS = addConn.Execute(lookupSQL)
			'A non-empty result means the user moderates the category.
			isNewsMod = not testRS.EOF
		end if
	end if
end function
	 
	 'AVVIO UN CASE PER SCEGLIERE IL TIPO DI AZIONE DA SVOLGERE
	 Select case request.QueryString("action")
	 CASE "", 0:
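  'The news id comes from the query string and is placed in the SQL text, so it
  'is accepted only when it is a short run of digits (1 to 9, fits a Long).
  editNewsId = Trim(request.QueryString("id") & "")
  Set editNewsIdRx = New RegExp
  editNewsIdRx.Pattern = "^[0-9]{1,9}$"
  if not editNewsIdRx.Test(editNewsId) then
  	response.Redirect "admin.asp?modulo=news"
  end if
  Set editNewsIdRx = Nothing
  set newsRS = addConn.Execute("SELECT * FROM TB_NEWS WHERE IDnews = " & editNewsId)
  'An id that matches no row is handled like a refused request instead of
  'failing on the field access below.
  if newsRS.EOF then
  	response.Redirect "admin.asp?modulo=news"
  end if
  'Editing is allowed to moderators of the item's category, to users with
  'LivelloUser of 2 or more, and to news administrators (isADM is defined elsewhere).
 if not isNewsMod(session("uID"), newsRS("IDcategoria")) AND session("LivelloUser") < 2 AND not isADM(session("uID"), "news") then
  	response.Redirect "admin.asp?modulo=news"
  end if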
%>
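<%
'Every value written into the markup below is HTML-encoded first: "modulo" comes
'straight from the query string, and "autore" is stored from a posted form field.
'Appending "" turns a Null field into an empty string before encoding.
%>
<div id="position">
      &raquo; <a href="admin.asp" class="testo">Control Center</a> &raquo; <a href="admin.asp?modulo=news"><%=Server.HTMLEncode(request.QueryString("modulo") & "")%></a>
</div>
<div id="page">
<form name="form" action="admin.asp?modulo=news&amp;op=editnews&amp;action=1&amp;id=<%=Server.HTMLEncode(newsrs("idnews") & "")%>" method="post">
<input type="hidden" class="inputclass" name="autore" value="<%=Server.HTMLEncode(newsRS("autore") & "")%>" />
<input type="hidden" class="inputclass" name="data" value="<%=Server.HTMLEncode(newsRS("data") & "")%>" />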

   <%=traduci("ling_news_23")%>
	<select name="cat" class="selectclass">
		<%
		'Fill the select with one header entry per category followed by that
		'category's topics. selected() is defined elsewhere; presumably it writes
		'the selected attribute when its two arguments match - confirm.
		'NOTE(review): nomeCat and nomeTopic are written without HTML encoding;
		'confirm how they are stored before relying on them being markup-free.
		set catRS = addConn.Execute("SELECT * FROM TB_NEWS_cAT")
		Do Until catRS.EOF
			'Category header: its value is the "---" marker, not an id.
			response.Write "<option style='text-align:left' value=""---"" "
			call selected(catRS("IDcategoria"),request.QueryString("catid"))
			response.Write ">&raquo;" & catRS("nomeCat") &  "</option>"
			'Topics of the current category; an empty result just skips the loop.
			set topRS = addConn.Execute("SELECT * FROM TB_NEWS_TOPIC WHERE IDcategoria = " & catRS("IDcategoria"))
			Do Until topRS.EOF
				response.Write "<option value=""" & topRS("IDtopic") & """ "
				call selected(topRS("IDtopic"),request.QueryString("topicid"))
				response.Write ">" & topRS("nomeTopic") &  "</option>"
				topRS.moveNext
			Loop
			set topRS = Nothing
			catRS.moveNext
		Loop
		%>
	</select>
	<br /><br />
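   <%
   'The title, summary and body shown below were stored from posted form fields,
   'so they are HTML-encoded before being placed in an attribute or a textarea.
   'Appending "" turns a Null field into an empty string first.
   'NOTE(review): testSQLinj is not visible here; if it stores entity-encoded text,
   'entities will show literally in these fields - confirm and encode on output only.
   %>
   <%=traduci("ling_news_26")%>
   <input type="text" name="titolo" class="inputclass" value="<%=Server.HTMLEncode(newsRS("titolo") & "")%>" maxlength="50" /> <%=traduci("ling_news_76")%>
	<br /><br />
	<%=traduci("ling_news_36")%>
	  <select class="inputclass" name="prior">
	   <option value="0" <%call selected(0, newsRS("prior"))%>>Normale</option>
	   <option value="1" <%call selected(1, newsRS("prior"))%>>Alta</option>
	  </select>
	<br /><br />
	<%=traduci("ling_news_77")%>
	<select class="selectclass" name="lingua">
    <%
	  'List every file in the lingua/ folder as an option; the language code is the
	  'file name with "lingua-" and ".xml" removed.
	  Set objFSO = Server.CreateObject("Scripting.FileSystemObject")
	  Set objFolder = objFSO.GetFolder(Server.MapPath("lingua/"))
	  For each objFile in objFolder.Files
		'Work out the code once; selected() gets the raw value, the markup the encoded one.
		langCode = Replace(Replace(objFile.Name, "lingua-", ""), ".xml", "")
		langCodeHtml = Server.HTMLEncode(langCode)
		%>
		<option value="<%=langCodeHtml%>" <%call selected(langCode, newsRS("Lingua"))%>><%=langCodeHtml%></option>
		<%
	  Next
	  'Release the file system objects once the list is written.
	  Set objFolder = Nothing
	  Set objFSO = Nothing
    %>		
	</select>
	<br /><br />
    <%=traduci("ling_news_85")%>
	 <textarea name="ante" class="news" style="width:100%; height:80px;"><%=Server.HTMLEncode(replace(newsRS("ante") & "", "<br />", chr(10)))%></textarea>
	<br /><br />
	<%=traduci("ling_news_86")%>
    <br /><br />
	<textarea name="testo" class="editor" style="width:100%; height:400px;"><%=Server.HTMLEncode(newsRS("news") & "")%></textarea>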
					<%
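					Call creaComponente("editor","def")
 'Load the article body again and hand it to the editor. creaComponente and
 'setValue are defined elsewhere; how setValue emits the text is not visible
 'here, so any encoding it needs has to be checked there.
 'The id is taken from the query string, so it must be a short run of digits
 'before it is placed in the SQL text.
 editorNewsId = Trim(request.QueryString("id") & "")
 Set editorIdRx = New RegExp
 editorIdRx.Pattern = "^[0-9]{1,9}$"
 if editorIdRx.Test(editorNewsId) then
  strSQL = "SELECT * FROM TB_NEWS WHERE IDnews = " & editorNewsId
  Set rs = addConn.Execute(strSQL)
  'Skip the editor value when the id matches no row.
  if not rs.EOF then
   setValue(rs("news"))
  end if
  Set rs = Nothing
 end if
 Set editorIdRx = Nothing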
%>
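<script type="text/javascript">
 // Checks that a title is entered and that a topic, not a category header
 // (value "---"), is selected. This is a convenience for the user only; the
 // server has to validate the same fields again.
function test(){
		// The form on this page is named "form"; looking it up under another
		// name made this function fail before any check ran.
		var newsForm = window.document.forms["form"];
		if (newsForm.titolo.value == ""){
			window.alert("<%=traduci("ling_news_18")%>");
			return false;
		}
		if(newsForm.cat.options[newsForm.cat.selectedIndex].value == "---"){
			alert("<%=traduci("ling_news_20")%>");
			return false;
		}
		return true;
 }
</script>
<button class="buttonclass" onClick="return test()">invia</button>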
</form>
<%set newsRS = Nothing%>
<% 
 CASE 1:
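   'Saves the edited news item.
   'NOTE(review): this POST carries no anti-CSRF token, and "autore" arrives from a
   'hidden form field, so the client can change it; decide whether it should be
   'updated from the request at all.
   'NOTE(review): the text fields still rely on testSQLinj, whose body is not
   'visible here; a parameterised command would remove that dependency.

   'Ids are placed in SQL text, so they must be a short run of digits (1 to 9).
   Set saveIdRx = New RegExp
   saveIdRx.Pattern = "^[0-9]{1,9}$"
   saveTopicId = Trim(request.Form("cat") & "")
   saveNewsId = Trim(request.QueryString("id") & "")
   if not saveIdRx.Test(saveTopicId) or not saveIdRx.Test(saveNewsId) then
   	response.Redirect "admin.asp?modulo=news"
   end if
   Set saveIdRx = Nothing

   'The form offers only priority 0 and 1; anything else is stored as 0.
   savePrior = "0"
   if (request.Form("prior") & "") = "1" then
   	savePrior = "1"
   end if

   'Category of the topic the item is being filed under.
   set topRS = addConn.Execute("SELECT * FROM TB_NEWS_TOPIC WHERE IDtopic = " & saveTopicId)
   if topRS.EOF then
   	response.Redirect "admin.asp?modulo=news"
   end if
	categ = topRS("IDcategoria")
   set topRS = Nothing

   'Category the item belongs to right now.
   set curRS = addConn.Execute("SELECT IDcategoria FROM TB_NEWS WHERE IDnews = " & saveNewsId)
   if curRS.EOF then
   	response.Redirect "admin.asp?modulo=news"
   end if
   currentCateg = curRS("IDcategoria")
   set curRS = Nothing

   'The permission check covers both the target category and the item's current
   'category, matching the check made before the edit form is shown.
    if (not isNewsMod(session("uID"), categ) or not isNewsMod(session("uID"), currentCateg)) AND session("LivelloUser") < 2 AND not isADM(session("uID"), "news") then
  	response.Redirect "admin.asp?modulo=news"
   end if

   'autore and Lingua now pass through testSQLinj like the other text fields.
   updateSQL = "UPDATE TB_NEWS SET autore = '" & testSQLinj(request.Form("autore")) & "'"
   updateSQL = updateSQL & ", news = '" & testSQLinj(request.Form("testo")) & "'"
   updateSQL = updateSQL & ", ante = '" & replace(testSQLinj(request.Form("ante")), chr(10), "<br />") & "'"
   updateSQL = updateSQL & ", titolo = '" & testSQLinj(request.Form("titolo")) & "'"
   updateSQL = updateSQL & ", IDtopic = '" & saveTopicId & "'"
   updateSQL = updateSQL & ", IDcategoria = '" & categ & "'"
   updateSQL = updateSQL & ", Lingua = '" & testSQLinj(request.Form("Lingua")) & "'"
   updateSQL = updateSQL & ", prior = '" & savePrior & "'"
   updateSQL = updateSQL & ", Datapub = '" & DateToSTR(STR_TIME) & "'"
   updateSQL = updateSQL & ", stato = '1' WHERE IDnews =" & saveNewsId
   addConn.Execute(updateSQL)
   call autoReturn("default.asp?modulo=news", 2)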
 End select
%>
</div>